Rocky_Linux_8
Sponsored Link

Auditd : Install2021/07/22

 
Configure System Auditing by Auditd.
It's possible to monitor System Calls, Security Events, File Accesses, Commands Executing and so on.
[1] Audit package is installed by default even if minimal installation of Rocky Linux 8, but if not, Install it like follows.
[root@dlp ~]#
dnf -y install audit
[root@dlp ~]#
systemctl enable --now auditd

[2] It's possible to change some settings of Auditd on auditd.conf.
[root@dlp ~]#
vi /etc/audit/auditd.conf
# line 7 : specify logfile

log_file = /var/log/audit/audit.log
# line 12 : maximum size of a logfile (MegaBytes)

max_log_file = 8
# line 13 : number of logfiles if specified [max_log_file_action=ROTATE]

num_logs = 5
# line 15 : hostname in logfiles

# valid value : NONE, HOSTNAME, FQD, NUMERIC, USER

name_format = NONE
# line 16 : hostname you like if specified [name_format=USER]

##name = mydomain
# line 17 : specify action if the size of a logfile is over the limit
# valid value : IGNORE, SYSLOG, SUSPEND, ROTATE, KEEP_LOGS

max_log_file_action = ROTATE
Matched Content